Sciweavers

EUROCRYPT
2006
Springer

Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures

14 years 3 months ago
Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures
Abstract. Lattice-based signature schemes following the GoldreichGoldwasser-Halevi (GGH) design have the unusual property that each signature leaks information on the signer's secret key, but this does not necessarily imply that such schemes are insecure. At Eurocrypt '03, Szydlo proposed a potential attack by showing that the leakage reduces the key-recovery problem to that of distinguishing integral quadratic forms. He proposed a heuristic method to solve the latter problem, but it was unclear whether his method could attack real-life parameters of GGH and NTRUSign. Here, we propose an alternative method to attack signature schemes `a la GGH, by studying the following learning problem: given many random points uniformly distributed over an unknown n-dimensional parallelepiped, recover the parallelepiped or an approximation thereof. We transform this problem into a multivariate optimization problem that can provably be solved by a gradient descent. Our approach is very effec...
Phong Q. Nguyen, Oded Regev
Added 22 Aug 2010
Updated 22 Aug 2010
Type Conference
Year 2006
Where EUROCRYPT
Authors Phong Q. Nguyen, Oded Regev
Comments (0)